Note it's possible to use grub2 configuration directives to lock down
privileged operations (such as access to the shell). The 'superusers'
and 'password*' directives can be used to require user auth before
certain operations. It even looks like it's possible to completely
disable these privileged operations by setting 'superusers' to an empty
string. For more information see: